3 matches found
node-sqlite3 安全漏洞
node-sqlite3 is an asynchronous, non-blocking SQLite3 interface library based on Node.js. A security vulnerability exists in node-sqlite3 that stems from the fact that Node.js' SQLite3 bindings are vulnerable to the execution of arbitrary JavaScript code if the binding parameters are well-designe...
GHSA-JQV5-7XPX-QJ74 sqlite vulnerable to code execution due to Object coercion
Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...
GHSA-9QRH-QJMC-5W2P Denial-of-Service when binding invalid parameters in sqlite3
Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are...